Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

concrete5

Concrete5 makes running a website easy. Go to any page in your site and a editing toolbar gives you all the controls you need to update your website. No intimidating manuals no complicated administration interfaces - just point and click.

Official Site:

https://www.concrete5.org/

Severity Summary:

Critical: 1 High: 4 Medium: 14 Low: 1
Reference
Title
Severity
CVE-2021-22958
concrete5 Server-Side Request Forgery (SSRF) Vulnerability
Critical
CVE-2020-11476
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2018-13790
concrete5 Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2020-24986
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2015-4724
concrete5 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-18195
concrete5 Improper Input Validation Vulnerability
Medium
CVE-2017-8082
concrete5 Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2017-7725
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-6908
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-6905
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-19146
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-4721
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-3989
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-2250
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-9526
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-5108
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-5107
concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2012-5181
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-14961
concrete5 Vulnerability
Medium
CVE-2021-3111
concrete5 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Low